Malware analysis avg_secure_browser_setup.exe Malicious activity

Add for printing

File name:	avg_secure_browser_setup.exe
Full analysis:	https://app.any.run/tasks/a03bd9ef-234d-4c98-a902-9a0dc9c76289
Verdict:	Malicious activity
Analysis date:	February 24, 2024, 15:39:29
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:	F1DEA1C6D714B450247B07A53288A68B
SHA1:	EBCA0136916A90FF0CDEDD25E42CB719CA818A86
SHA256:	6C351DAD98ADCF5702CBF22EA9B5F9268FB12D1804787296974F9A2C54259B6C
SSDEEP:	98304:dpeNmkANTySWS61t/ALLdWLqjbUrpe/A70ltz/ViyUShigPZ6ya4gNb9PiCmmKav:xLONit7Q3hfQw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: on
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdateSetup.exe (PID: 3276)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdateSetup.exe (PID: 3496)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdateSetup.exe (PID: 2956)
- Steals credentials from Web Browsers
  - ajB39.exe (PID: 3948)
- Actions looks like stealing of personal data
  - ajB39.exe (PID: 3948)
SUSPICIOUS
- Searches for installed software
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
- Reads security settings of Internet Explorer
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
- The process verifies whether the antivirus software is installed
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 2756)
  - AVGBrowserUpdate.exe (PID: 3940)
  - AVGBrowserUpdate.exe (PID: 696)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 2096)
  - AVGBrowserUpdate.exe (PID: 2972)
  - AVGBrowserUpdate.exe (PID: 1540)
  - AVGBrowserUpdate.exe (PID: 1596)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 2660)
  - AVGBrowserUpdate.exe (PID: 1404)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdate.exe (PID: 1036)
  - AVGBrowserUpdate.exe (PID: 1592)
  - AVGBrowserUpdate.exe (PID: 2984)
  - AVGBrowserUpdate.exe (PID: 3100)
  - AVGBrowserUpdate.exe (PID: 3780)
  - AVGBrowserUpdate.exe (PID: 1956)
  - AVGBrowserUpdate.exe (PID: 1652)
  - AVGBrowserUpdate.exe (PID: 2616)
- Executable content was dropped or overwritten
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdateSetup.exe (PID: 3276)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdateSetup.exe (PID: 3496)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdateSetup.exe (PID: 2956)
- Reads the Internet Settings
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1404)
  - AVGBrowserUpdate.exe (PID: 1956)
- Checks Windows Trust Settings
  - ajB39.exe (PID: 3948)
- Reads settings of System Certificates
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1956)
- Disables SEHOP
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 2616)
- Starts itself from another location
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 2616)
- Creates/Modifies COM task schedule object
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 2756)
  - AVGBrowserUpdate.exe (PID: 1596)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 3100)
  - AVGBrowserUpdate.exe (PID: 2616)
- Executes as Windows Service
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdate.exe (PID: 1652)
- Adds/modifies Windows certificates
  - AVGBrowserUpdate.exe (PID: 1656)
- Application launched itself
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 1792)
INFO
- Checks supported languages
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdateSetup.exe (PID: 3276)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 2756)
  - AVGBrowserUpdate.exe (PID: 3940)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 696)
  - AVGBrowserUpdate.exe (PID: 2972)
  - AVGBrowserUpdateSetup.exe (PID: 3496)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 2096)
  - AVGBrowserUpdate.exe (PID: 1596)
  - AVGBrowserUpdate.exe (PID: 1404)
  - AVGBrowserUpdate.exe (PID: 2660)
  - AVGBrowserUpdate.exe (PID: 1540)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdate.exe (PID: 1036)
  - AVGBrowserUpdate.exe (PID: 1592)
  - AVGBrowserUpdateSetup.exe (PID: 2956)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdate.exe (PID: 2984)
  - AVGBrowserUpdate.exe (PID: 3100)
  - AVGBrowserUpdate.exe (PID: 3780)
  - AVGBrowserUpdate.exe (PID: 1652)
  - AVGBrowserUpdate.exe (PID: 1956)
- Reads the computer name
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 3940)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 696)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 2972)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 1540)
  - AVGBrowserUpdate.exe (PID: 1404)
  - AVGBrowserUpdate.exe (PID: 2660)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdate.exe (PID: 1592)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdate.exe (PID: 2984)
  - AVGBrowserUpdate.exe (PID: 1956)
  - AVGBrowserUpdate.exe (PID: 3780)
  - AVGBrowserUpdate.exe (PID: 1652)
- Create files in a temporary directory
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1652)
- Process checks computer location settings
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
- Reads Environment values
  - avg_secure_browser_setup.exe (PID: 3700)
  - ajB39.exe (PID: 3948)
- Reads the machine GUID from the registry
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 696)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 2660)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdate.exe (PID: 3780)
  - AVGBrowserUpdate.exe (PID: 1652)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdate.exe (PID: 1956)
- Checks proxy server information
  - ajB39.exe (PID: 3948)
- Creates files in the program directory
  - AVGBrowserUpdateSetup.exe (PID: 3276)
  - AVGBrowserUpdate.exe (PID: 3964)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdateSetup.exe (PID: 3496)
  - AVGBrowserUpdate.exe (PID: 1792)
  - AVGBrowserUpdate.exe (PID: 1840)
  - AVGBrowserUpdateSetup.exe (PID: 2956)
  - AVGBrowserUpdate.exe (PID: 2616)
  - AVGBrowserUpdate.exe (PID: 1652)
- Creates files or folders in the user directory
  - ajB39.exe (PID: 3948)
- Reads the software policy settings
  - ajB39.exe (PID: 3948)
  - AVGBrowserUpdate.exe (PID: 2064)
  - AVGBrowserUpdate.exe (PID: 1656)
  - AVGBrowserUpdate.exe (PID: 1956)
  - AVGBrowserUpdate.exe (PID: 1652)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2019:12:16 00:50:53+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26112
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x350d
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	8.11.6.7313
ProductVersionNumber:	8.11.6.7313
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Arabic
CharacterSet:	Windows, Arabic
BuildDate:	19700120T180211
BuildTimestamp:	1706531249
BuildVersion:	8.11.6.7313
FileDescription:	إعداد AVG Secure Browser
FileVersion:	8.11.6.7313
InstallerCommit:	a485d5c491c307e7b2d577552c389367c6d50f95
InstallerEdition:	main
InstallerKeyword:	avg-securebrowser
InternalName:	AVG Secure Browser
JsisCommit:	5b8cb9e927bd1c7a4a6578eaf22d9b969fc5fa37
LegalCopyright:	حقوق الطبع والنشر (c) لعام 2024 محفوظة لشركة AVG Technologies
OmahaVersion:	1.8.1650.5
ProductName:	إعداد AVG Secure Browser
ProductVersion:	8.11.6.7313

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

696

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9118&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies" /installsource otherinstallcmd /sessionid "{5CFDB499-CC57-46F0-9927-EC420E14631C}" /silent

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

2147954407

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1036

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /unregserver

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1404

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY1MC41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY1MC41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjAiIHNlc3Npb25pZD0ie0I4MDlCRTU2LTNBMzAtNDdFMy05MzU3LUZFNkQ5NjU2ODNCQ30iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Int7OUYxMzU3MC0yLTY2LTRBLTQtNzI5LS1BNDZCLUE0MDlCQzh9IiB1c2VyaWRfZGF0ZT0iMjAyNDAyMjQiIG1hY2hpbmVpZD0ie3swMDAwNDRDLTMtRkQtMkMtRC05NTQtLTBGRjQtQkFGNUQ4OH0iIG1hY2hpbmVpZF9kYXRlPSIyMDI0MDIyNCIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins5OUNEMzk1OC00NjAyLTREQzQtOENCQS1ENzFERDQ2MzUyQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIvPjxhcHAgYXBwaWQ9InsxQzg5RUYyRi1BODhFLTRERTAtOTdGRS1DQjQwQzhFNEZFRUF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjguMTY1MC41IiBsYW5nPSJlbi1VUyIgYnJhbmQ9IjkxMTgiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjExODgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

2147954407

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1540

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1576

C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}

C:\Windows\System32\dllhost.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

COM Surrogate

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1592

"C:\Program Files\GUM88AE.tmp\AVGBrowserUpdate.exe" /unregsvc

C:\Program Files\GUM88AE.tmp\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\gum88ae.tmp\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1596

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

—

AVGBrowserUpdate.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1652

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

services.exe

User:

SYSTEM

Company:

AVG Technologies

Integrity Level:

SYSTEM

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1656

"C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc

C:\Program Files\AVG\Browser\Update\AVGBrowserUpdate.exe

services.exe

User:

SYSTEM

Company:

AVG Technologies

Integrity Level:

SYSTEM

Description:

AVG Browser

Exit code:

Version:

1.8.1650.5

Modules

Images
c:\program files\avg\browser\update\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1792

"C:\Program Files\GUM88AE.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9118&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dmsedge --import-cookies&hostprefix=2-"

C:\Program Files\GUM88AE.tmp\AVGBrowserUpdate.exe

AVGBrowserUpdateSetup.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Browser

Exit code:

2147954407

Version:

1.8.1650.5

Modules

Images
c:\program files\gum88ae.tmp\avgbrowserupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

Add for printing

Total events

44 873

Read events

40 803

Write events

3 357

Delete events

713

Modification events


(PID) Process:	(3700) avg_secure_browser_setup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3700) avg_secure_browser_setup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3700) avg_secure_browser_setup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(3700) avg_secure_browser_setup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation:	write	Name:	installer_run_count
Value: 1
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\AVG\Browser
Operation:	write	Name:	machine_id
Value: 000044c3fd2cd9540ff4baf5d88ee93e
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3948) ajB39.exe	Key:	HKEY_CURRENT_USER\Software\AVG\Browser
Operation:	write	Name:	user_id
Value: 9f135702664a4729a46ba409bc8fc0d5

Add for printing

Executable files

465

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\Midex.dll		executable
		MD5:574AE869F6CA6EB51BB64F40B3DCBF8F	SHA256:6F2ECAF8F694C4B92FF1E729D7A4D93DD21A4249BCDC2985EB1C798370F63393
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\jsisdl.dll		executable
		MD5:1D41C7F088AC582DF1961BF864640B84	SHA256:F3DA0050540238EB1CA75A67F140C1D6544F59122C94DD811FF267D41AB1B332
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\thirdparty.dll		executable
		MD5:2B09A28F02EDBD1FE30DF929B389D5D3	SHA256:CCA5A876DE7823DCEF9258474F5B1A8457ECD2BA8E9ADDBA588BC2F1A02B3FC3
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\avg-securebrowser-main-tags		binary
		MD5:E6F18D0E440F95963D71BED502D86970	SHA256:6305B0734B659DBDA965B9ACA5B559735B28F8D032622FE81F30F84AB4D11FFF
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\AccessControl.dll		executable
		MD5:BD4FA45476E947E1826C51766730CDCA	SHA256:C146B6F8B7E99F327FE60990A95507DA49CD5A385C0E9870BE105CAE195DE5EE
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\reboot.dll		executable
		MD5:B98B238AD5DFADB9C0A077E8FE93F07F	SHA256:9A3A839478FDC68333B186646694448EA852D5BDD0582A5FAC640A2FDBBCA5D2
3948	ajB39.exe	C:\Users\admin\AppData\Local\Temp\nsvE64.tmp\FF.places.tmp		—
		MD5:—	SHA256:—
3948	ajB39.exe	C:\Users\admin\AppData\Local\Temp\nsvE64.tmp\jsis.dll		executable
		MD5:CCBC3DE08E58798C5FC41965280DD033	SHA256:E0E17AE38C849C647E42811B039B5772918451B4BDA37317EB5E94A7EA4DE653
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\nsoFD3E.tmp\sciterui.dll		executable
		MD5:DA1F3C1529AAA6C2C22FD89412A32C72	SHA256:972348E7066F614AF8DBCF3B8CBD37E97A53C184F4C2693C136C9FD0D349E501
3700	avg_secure_browser_setup.exe	C:\Users\admin\AppData\Local\Temp\ajB39.exe		executable
		MD5:CD1DF93BD3E69C44D28A01C2E11D6ECB	SHA256:BB2338B04689EA1A48B1C0A7F2ABD1C4507F0E6E808F992B5DC42351EB1726CF

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3948	ajB39.exe	GET	304	23.220.73.166:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4c4c9325601fc74e	unknown	—	—	unknown
3948	ajB39.exe	GET	200	192.229.211.108:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D	unknown	binary	471 b	unknown
2064	AVGBrowserUpdate.exe	GET	200	23.220.73.166:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a3e0399fd1bac44c	unknown	compressed	65.2 Kb	unknown
1656	AVGBrowserUpdate.exe	GET	200	23.220.73.166:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?12afe32a0108ba7d	unknown	compressed	65.2 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
3948	ajB39.exe	104.20.158.62:443	stats.securebrowser.com	CLOUDFLARENET	—	unknown
3948	ajB39.exe	23.220.73.166:80	ctldl.windowsupdate.com	Akamai International B.V.	US	unknown
3948	ajB39.exe	192.229.211.108:80	ocsp.digicert.com	EDGECAST	US	unknown
2064	AVGBrowserUpdate.exe	104.22.62.125:443	update.avgbrowser.com	CLOUDFLARENET	—	unknown
1656	AVGBrowserUpdate.exe	104.22.62.125:443	update.avgbrowser.com	CLOUDFLARENET	—	unknown
1656	AVGBrowserUpdate.exe	23.220.73.166:80	ctldl.windowsupdate.com	Akamai International B.V.	US	unknown
2064	AVGBrowserUpdate.exe	23.220.73.166:80	ctldl.windowsupdate.com	Akamai International B.V.	US	unknown

DNS requests

Domain	IP	Reputation
stats.securebrowser.com	104.20.158.62	unknown
ctldl.windowsupdate.com	23.220.73.166	whitelisted
ocsp.digicert.com	192.229.211.108	whitelisted
update.avgbrowser.com	104.22.62.125	unknown
browser-update.avg.com	—	unknown
2-update.avgbrowser.com	—	unknown
3-update.avgbrowser.com	104.22.63.125	unknown
cdn-update3.avgbrowser.com	—	unknown

Threats

No threats detected

Add for printing

Process	Message
avg_secure_browser_setup.exe	2024-02-24T15:39:44 [libnsis] {00000e74:00000fd4} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
avg_secure_browser_setup.exe	2024-02-24T15:39:44 [libnsis] {00000e74:00000fd4} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
avg_secure_browser_setup.exe	2024-02-24T15:39:44 [libnsis] {00000e74:00000fd4} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsvE64.tmp\CR.History.tmp
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19747 AND vtime <= 19778 GROUP BY vtime
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsvE64.tmp\CR.History.tmp
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19747 AND vtime <= 19778 GROUP BY vtime
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsvE64.tmp\FF.places.tmp
ajB39.exe	2024-02-24T15:39:47 [libnsis] {00000f6c:00000754} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19747 AND vtime <= 19778 GROUP BY vtime

General Info

avg_secure_browser_setup.exe

F1DEA1C6D714B450247B07A53288A68B

EBCA0136916A90FF0CDEDD25E42CB719CA818A86

6C351DAD98ADCF5702CBF22EA9B5F9268FB12D1804787296974F9A2C54259B6C

98304:dpeNmkANTySWS61t/ALLdWLqjbUrpe/A70ltz/ViyUShigPZ6ya4gNb9PiCmmKav:xLONit7Q3hfQw

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Steals credentials from Web Browsers

Actions looks like stealing of personal data

SUSPICIOUS

Searches for installed software

Reads security settings of Internet Explorer

The process verifies whether the antivirus software is installed

Executable content was dropped or overwritten

Reads the Internet Settings

Checks Windows Trust Settings

Reads settings of System Certificates

Disables SEHOP

Starts itself from another location

Creates/Modifies COM task schedule object

Executes as Windows Service

Adds/modifies Windows certificates

Application launched itself

INFO

Checks supported languages

Reads the computer name

Create files in a temporary directory

Process checks computer location settings

Reads Environment values

Reads the machine GUID from the registry

Checks proxy server information

Creates files in the program directory

Creates files or folders in the user directory

Reads the software policy settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings